CVE-2020-35276
CRITICALEgavilanMedia ECM Address Book 1.0 - SQL Injection via Admin Login Panel Bypass
Title source: llmDescription
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.
References (3)
Core 3
Scores
CVSS v3
9.8
EPSS
0.0153
EPSS Percentile
71.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
egavilanmedia/ecm_address_book
1.0
Published
Dec 21, 2020
Tracked Since
Feb 18, 2026